Update qcom-preflight-checks to latest.yml

[Sandhya1236]

Running untrusted code on the pull_request_target trigger may lead to security vulnerabilities. These vulnerabilities include cache poisoning and granting unintended access to write privileges or secrets.

https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request_target

We should update all usage of pull_request_target in all workflow files and also update qualcomm-preflight-check to the latest.

[Sandhya1236]

CI failure is expected on fork PRs with pull_request

This job is failing at actions/checkout (before QC Preflight runs). The workflow is attempting to fetch the PR head repo (fork) and checkout fails with “Repository not found” / exit code 128 because the workflow token can’t access the fork in our internal/private setup.

This matches OSDO guidance in “OSS Ops Guidance:

https://github.qualcomm.com/OSDO/osdo.github.qualcomm.com/pull/212/files

Prefer splitting untrusted and trusted workflows:
Use pull_request for PR builds/tests (no secrets, read-only).
Move secret-dependent/privileged steps to trusted triggers (e.g. push to protected branches, workflow_dispatch, etc.).
Guiding principle: “Untrusted code and privileged access must never coexist in the same workflow.”
So the failure is due to GitHub’s fork PR permissions model after moving away from pull_request_target, not due to the changes in this PR.

[njjetha]

LGTM !